A single supervised learning model to detect fake access points, frequency sweeping jamming and deauthentication attacks in IEEE 802.11 networks

Wireless networks are nowadays indispensable components of telecommunication infrastructures. They offer flexibility, mobility and rapid expansion of telecommunication infrastructures. In wireless networks, transmissions are unisolated and most commonly emitted using omnidirectional antennas. This makes wireless networks more vulnerable to some specific attacks as compared to wired networks. For instance, attacks such as fake access points, intentional jamming and deauthentication can be easily perpetrated against IEEE 802.11 networks using freely accessible software and cheap hardware. Intentional jamming and deauthentication attacks are standalone attacks, but they can be combined with the fake access point attack to increase the latter’s effectiveness. In our research, we work on methods to detect the three different attacks when they are perpetrated independently (one at a time) or concurrently (several at the same time). In this contribution, we present a model that can detect the three attacks, when perpetrated independently, by analysing a set of features (frame interval, Received Signal Strength Indicator, sequence number gap and management frame subtype) extracted from IEEE 802.11 management frame and radiotap headers. We have implemented the model using several supervised learning algorithms. The model with Random Forest and the K-Nearest Neighbour predictors have best detection precision (over 96 %) for fake access point and deauthentication attacks and perfectible detection precision for the intentional jamming attack (over 81%).